[Frogstitch64]

Hello, I am writing regarding a friend's computer that currently will not start up. He had a fake security program he removed with SuperAntiSpyware (there were two rogue programs it removed) and after reboot, it will not start up.

He gets the warning page about Windows not being able to start and the choices to start in Safe Mode, Safe Mode with Networking etc. but cannot toggle up and down on that screen. We switched out keyboards, and that did not make a difference. Because we can't toggle to start up in safe mode with networking it just keeps starting in Normal Mode, saying it can't start, and rebooting itself again. It only stops rebooting itself when turned off manually. It will turn off without having to pull the power plug.

He is using Windows XP Professional, not sure the make of the computer itself. Work was done recently to change the processor, switch out the video card and fan. It worked fine for two days before this fake security program loaded itself.

Thank you!
~Kathy

Also ... I have a Reinstallation CD, MS Windows XP Professional Service Pack 2. It's for my Dell, not his computer. He doesn't have any startup discs.

[michaelg9]

Hi
Welcome to Geeks to Go! My name is Michael and I am here to help you fix your computer.
If you have already received help elsewhere please inform me so that this topic can be closed.
If you haven't, please keep reading:
Note: Before we start the process you should:

• Know that I'm still in training here, so there may be a small delay between my answers, as each reply must be approved by a resident expert before I will be allowed to post it to you.
  
• POST your logs, don't attach them, as it makes it harder to read.
  
• Save or print these instructions as a part of the fix will be in safe mode where you will not be able to access the internet.
  
• Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, windows defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them .If you need any help disabling them, ask.
  
• Each time I instruct you to download a file to use it, please do it even if I have told you before to download it again. This is because these tools are frequently updated to detect newer infections.
  
• Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

I'll come back in a little with a set of instructions.

Thank you

[Frogstitch64]

Hello, Michael, thank you for your help.

I will be traveling between this working computer and the one in need, so until we get it online please understand there will be delays as I have to fit those trips into my day.

Please do not close this thread after the final recommendations step until I have had a chance to post how the computer is running and thank you.

It's great that you are in training, congratulations. This thread won't be quite as complicated as my last one, but will definitely give you exposure to some cool problem solving opportunities.

~Kathy

[michaelg9]

Hey,

Please print these instruction out so that you know what you are doing

File details OTLPEStd.exe
Bytes=97,702,766
MB=93.1
MD5=FC1A07D156DE710955032B1CF7891671

• Download OTLPEStd.exe to your desktop
  
• Ensure that you have a blank CD in the drive
  
• Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  
• Reboot your system using the boot CD you just created.
  Note : If you do not know how to set your computer to boot from CD follow the steps here
  
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  
  
  
• Your system should now display a Reatogo desktop.
  Note : as you are running from CD it is not exactly speedy
  
• Double-click on the OTLPE icon.
  
• Select the Windows folder of the infected drive if it asks for a location
  
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start.
  
• Drag and drop this attached scan.txt into the Custom scans and fixes box
  [attachment=43336:scan.txt]
  
• Press Run Scan to start the scan.
  
• When finished, the file will be saved in drive C:\OTL.txt
  
• Copy this file to your USB drive if you do not have internet connection on this system.
  
• Right click the file and select send to : select the USB drive.
  
• Confirm that it has copied to the USB drive by selecting it
  
• You can backup any files that you wish from this OS
  
• Please post the contents of the C:\OTL.txt file in your reply.

Thank you

[Frogstitch64]

Hi,

Okay, to clarify ... I am doing all of these steps on MY computer that is currently running fine, not on my friend's computer that we are trying to fix, right? Remember, we cannot start his computer so we can't access anything on it.

Also, I do not have a CD burner. Can OTLPE fit on and run from a flash drive, if so what size?

[michaelg9]

Hey,

Frogstitch64, on Jul 11 2010, 01:23 AM, said:

Okay, to clarify ... I am doing all of these steps on MY computer that is currently running fine, not on my friend's computer that we are trying to fix, right? Remember, we cannot start his computer so we can't access anything on it.

Yes I know, you should download and burn the CD from the working computer but run it on the infected one.

Quote

Also, I do not have a CD burner. Can OTLPE fit on and run from a flash drive, if so what size?

A CD burner is included in this download, if you don't have a CD or prefer the usb, tell me to give you the right instructions.

Thank you

[Frogstitch64]

OK on the burner being in the download, that's cool.

I do not have blank CDs but do have blank DVDs and an 8GB flash drive.

If the CD is the best method, I will go buy one.

[michaelg9]

Hey,

These are the instructions to run OTLPE from a usb flash drive, choose which method you prefer and follow it:

IMPORTANT:
You will need a flash drive with a size of 512 Mb or bigger. Make sure that you do not leave anything important on the flash drive, as all data on it will be deleted during the following steps.

• 
  
  • Download OTLPEStd.exe from one of the following links and save it to your Desktop: mirror1 or mirror2
    
    
  • Download eeepcfr.zip from the following link and save it to your Desktop: the mirror
    
    
  • Finally, if you do not have a file archiver like 7-zip or Winrar installed, please download 7-zip from the following link and install it: the mirror
  
  
  
• Once you have 7-zip install, decompress OTLPEStd.exe by rightclicking on the folder and choosing the options shown in the picture below. Please use a dedicated folder, for example OTLPE, on your Desktop
  
  
  
  
  
• Open the folder OTLPEStd which will be created in the same location as OTLPEStd.exe and right-click OTLPE_New_Std.iso. Select 7-Zip and from the submenu select Extract files... and extract the content onto your Desktop in a OTLPE folder:
  
  
  
  
  
• Please also decompress eeepcfr to your systemroot (usually C:\).
  
  
• Empty the flash drive you want to install OTLPE on.
  
  
• Go to C:\eeecpfr and double-click usb_prep8.cmd to launch it.
  
  
• Press any key when asked to in the black window that opens.
  
  
• As indicated in the image, make sure you have selected the correct flash drive, before proceeding.
  For Drive Label: type in OTLPE.
  Under Source Path to built BartPE/WinPE Files click ... and select the folder OTLPE that you created on your Desktop.
  Finally check Enable File Copy.
  
  
  
  
  
  
• Click on Start, accept the disclaimers and wait for the program to finish.

Your bootable flash drive should now be ready!

• Reboot your system using the boot USB you just created.
  Note : If you do not know how to set your computer to boot from USB follow the steps here
  
• As the USB needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  
  
  
• Your system should now display a Reatogo desktop.
  
• Double-click on the OTLPE icon.
  
• Select the Windows folder of the infected drive if it asks for a location
  
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start.
  
• Drag and drop this attached scan.txt into the Custom scans and fixes box
  [attachment=43353:scan.txt]
  
• Press Run Scan to start the scan.
  
• When finished, the file will be saved in drive C:\OTL.txt
  
• Copy this file to your USB drive if you do not have internet connection on this system.
  
• Right click the file and select send to : select the USB drive.
  
• Confirm that it has copied to the USB drive by selecting it
  
• You can backup any files that you wish from this OS
  
• Please post the contents of the C:\OTL.txt file in your reply.

Thank you

[Frogstitch64]

I could not use a CD, the window indicated "No writers detected" ... I honestly don't understand how you can write on a CD without a burner/writer, my drive is read only. Anyway ...

I got to Step 8 above for the flash drive and after accepting the disclaimer got the message:

Format Error [11]: An Error Occurred Formatting the Drive

Please remember this is an 8GB flash drive and my system is WinXP Home Edition 2002 Service Pack 3. If I need a smaller flash drive in order for it to partition, I can go get one (my only other flash drive is too small)

Thank you.

[Frogstitch64]

I bought a 2 gig flash drive and successfully loaded it ... now off to the computer that's down.

My next post will hopefully be the contents of the OTL text file ...

[Frogstitch64]

Here is the OTL text file:

OTL logfile created on: 7/11/2010 4:47:10 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 822.00 Mb Available Physical Memory | 80.00% Memory free
907.00 Mb Paging File | 837.00 Mb Available in Paging File | 92.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 14.99 Gb Free Space | 51.16% Space Free | Partition Type: NTFS
Drive D: | 45.23 Gb Total Space | 43.21 Gb Free Space | 95.55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 1.86 Gb Total Space | 1.53 Gb Free Space | 82.20% Space Free | Partition Type: FAT

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe WMP54Gv4.exe -- (WMP54Gv4SVC)
SRV - [2010/06/04 09:54:26 | 000,238,928 | ---- | M] (CA, Inc.) [Auto] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/30 19:15:54 | 000,214,256 | ---- | M] (CA, Inc.) [On_Demand] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/06/24 19:10:30 | 000,281,104 | ---- | M] (CA) [Auto] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
SRV - [2007/10/18 10:24:46 | 001,010,192 | ---- | M] (CA) [Auto] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
SRV - [2007/10/18 10:24:46 | 000,801,296 | ---- | M] (CA) [Auto] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
SRV - [2007/10/18 10:24:44 | 000,145,936 | ---- | M] (CA) [Auto] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp)
SRV - [2007/08/20 13:27:26 | 000,144,960 | ---- | M] (Computer Associates International, Inc.) [Auto] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe)
SRV - [2007/08/16 21:10:16 | 000,189,704 | ---- | M] (CA, Inc.) [On_Demand] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv)
SRV - [2007/01/04 12:10:22 | 000,280,080 | ---- | M] (CA, Inc.) [Auto] -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2006/10/15 15:08:30 | 001,032,192 | ---- | M] () [Auto] -- C:\WINDOWS\system32\mdmcls32.exe -- (WinSock Extention Manager)
SRV - [2006/07/13 16:27:16 | 000,528,384 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\lxctcoms.exe -- (lxct_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/06/07 19:57:00 | 010,531,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/06/03 08:56:34 | 000,746,216 | ---- | M] (Computer Associates International, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE)
DRV - [2010/06/03 08:56:34 | 000,130,280 | ---- | M] (Computer Associates International, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/01 10:28:45 | 000,032,240 | ---- | M] (Computer Associates International, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT)
DRV - [2009/12/01 10:28:45 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT)
DRV - [2009/12/01 10:28:45 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT)
DRV - [2009/12/01 10:28:45 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/07/10 22:04:25 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/06/24 19:08:58 | 000,093,712 | ---- | M] (CA) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\KmxStart.sys -- (KmxStart)
DRV - [2008/06/24 19:08:56 | 000,066,576 | ---- | M] (CA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\KmxSbx.sys -- (KmxSbx)
DRV - [2008/06/24 19:08:52 | 000,115,216 | ---- | M] (CA) [Kernel | System] -- C:\WINDOWS\system32\drivers\KmxFw.sys -- (KmxFw)
DRV - [2008/06/24 19:08:46 | 000,045,584 | ---- | M] (CA) [Kernel | System] -- C:\WINDOWS\system32\drivers\KmxFile.sys -- (KmxFile)
DRV - [2008/06/24 19:08:42 | 000,134,648 | ---- | M] (CA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\KmxCF.sys -- (KmxCF)
DRV - [2008/06/24 19:08:42 | 000,088,816 | ---- | M] (CA) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2008/06/24 19:08:36 | 000,063,504 | ---- | M] (CA) [Kernel | System] -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/07/26 05:03:22 | 003,644,032 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/03/09 02:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/17 12:50:00 | 000,320,384 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mgaum.sys -- (mgau)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Schuler_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\Schuler_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\Schuler_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Schuler_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Schuler_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/06/13 17:33:01 | 000,608,415 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 16056 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BluePhone Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (BluePhone Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Schuler_ON_C\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\Schuler_ON_C\..\Toolbar\WebBrowser: (BluePhone Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe (CA, Inc.)
O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [Lexmark 5400 Series Fax Server] C:\Program Files\Lexmark 5400 Series\fm3032.exe ()
O4 - HKLM..\Run: [LXCTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxctmon.exe] C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [QOELOADER] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe (CA)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\Schuler_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\Schuler_ON_C..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Schuler_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1209337631624 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1209338707155 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/27 16:57:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/09 00:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVGT
[2010/07/05 16:58:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010/07/05 16:58:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010/07/05 16:58:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010/07/05 16:48:36 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/07/05 16:07:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/05 13:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/03 17:25:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/03 17:25:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/03 17:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/03 16:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2010/07/03 16:33:56 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mgaum.sys
[2010/07/03 16:33:56 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys
[2010/07/03 16:33:55 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mgaud.dll
[2010/07/03 16:33:55 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll
[2010/06/27 17:00:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/06/17 20:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Schuler\Desktop\Garage Pictures
[2010/06/17 16:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/06/17 16:41:25 | 015,192,064 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2010/06/17 16:41:25 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/06/17 16:41:23 | 010,256,384 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010/06/17 16:41:23 | 004,554,752 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2010/06/17 16:41:23 | 002,632,296 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2010/06/17 16:41:23 | 002,165,352 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2010/06/17 16:41:23 | 001,359,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2010/06/17 16:41:23 | 000,232,040 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
[2010/06/17 16:41:23 | 000,232,040 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
[2010/06/13 21:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Schuler\My Documents\My Received Files
[2010/06/13 19:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Schuler\Tracing
[2010/06/13 19:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/06/13 19:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/06/13 18:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Schuler\Application Data\SUPERAntiSpyware.com
[2010/06/13 17:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/06/13 17:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2010/06/12 06:59:22 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/12 06:59:22 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/12 06:59:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/12 06:59:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2008/04/29 20:43:01 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctserv.dll
[2008/04/29 20:43:01 | 000,983,040 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctusb1.dll
[2008/04/29 20:43:01 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpmui.dll
[2008/04/29 20:43:01 | 000,528,384 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctlmpm.dll
[2008/04/29 20:43:01 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctinpa.dll
[2008/04/29 20:43:01 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctiesc.dll
[2008/04/29 20:43:01 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctprox.dll
[2008/04/29 20:43:01 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpplc.dll
[2008/04/29 20:43:00 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcthbn3.dll
[2008/04/29 20:43:00 | 000,667,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomc.dll
[2008/04/29 20:43:00 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomm.dll
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/09 08:16:51 | 000,294,848 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/07/09 08:16:51 | 000,237,568 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/07/09 08:16:51 | 000,237,568 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/07/09 08:16:51 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/07/09 08:16:51 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/07/09 08:16:51 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/07/09 08:16:51 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/07/09 08:16:51 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/07/09 08:16:51 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/07/09 08:16:51 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/07/09 08:16:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/09 08:16:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/09 08:16:28 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Schuler\ntuser.dat
[2010/07/09 08:16:28 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Schuler\ntuser.ini
[2010/07/09 08:16:16 | 002,638,088 | -H-- | M] () -- C:\Documents and Settings\Schuler\Local Settings\Application Data\IconCache.db
[2010/07/09 08:01:03 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/07/09 07:32:19 | 000,001,316 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/09 06:32:04 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/09 00:42:22 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/07 20:23:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/05 16:49:51 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Schuler\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/05 16:48:04 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/05 16:48:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/05 15:57:35 | 000,000,639 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/05 15:57:35 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/05 15:57:35 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2010/07/05 13:53:15 | 000,596,154 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/05 13:53:15 | 000,502,374 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/05 13:53:15 | 000,086,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/05 13:46:52 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\CTSTATUS.FCS
[2010/07/03 16:43:12 | 079,651,488 | ---- | M] () -- C:\Documents and Settings\Schuler\My Documents\tst bu.reg
[2010/06/27 19:50:21 | 000,217,180 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/06/27 19:50:21 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/06/27 19:50:20 | 000,217,180 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/06/27 19:30:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/06/17 20:58:36 | 000,158,665 | ---- | M] () -- C:\Documents and Settings\Schuler\Desktop\Garage Down 2.jpg
[2010/06/17 20:58:08 | 000,183,478 | ---- | M] () -- C:\Documents and Settings\Schuler\Desktop\Garage Down 1.jpg
[2010/06/16 21:16:27 | 000,000,518 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Schuler at 6 55 PM.job
[2010/06/13 21:11:48 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\Schuler\Desktop\Update Checker.lnk
[2010/06/13 20:47:23 | 000,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/13 19:09:40 | 000,020,168 | ---- | M] () -- C:\Documents and Settings\Schuler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/13 17:40:42 | 000,001,391 | -H-- | M] () -- C:\IPH.PH
[2010/06/13 17:40:29 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Schuler\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/06/13 17:33:01 | 000,608,415 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/03 16:43:00 | 079,651,488 | ---- | C] () -- C:\Documents and Settings\Schuler\My Documents\tst bu.reg
[2010/06/27 19:30:32 | 000,217,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/06/27 19:30:27 | 000,217,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/06/27 19:30:27 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/06/27 19:30:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/06/17 20:58:36 | 000,158,665 | ---- | C] () -- C:\Documents and Settings\Schuler\Desktop\Garage Down 2.jpg
[2010/06/17 20:58:06 | 000,183,478 | ---- | C] () -- C:\Documents and Settings\Schuler\Desktop\Garage Down 1.jpg
[2010/06/17 16:41:25 | 000,007,959 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/06/17 16:41:23 | 002,186,342 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/06/13 21:11:48 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\Schuler\Desktop\Update Checker.lnk
[2010/06/13 17:40:29 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\Schuler\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/05/07 21:27:30 | 000,160,896 | ---- | C] () -- C:\Program Files\Common Files\id44edl.pdf
[2010/05/03 18:16:03 | 000,054,554 | ---- | C] () -- C:\Program Files\Common Files\The 3 Sex Position That Guarantee Orgasms.pdf
[2010/02/09 23:08:44 | 004,456,448 | ---- | C] () -- C:\Documents and Settings\Schuler\ntuser.dat
[2009/12/19 09:18:02 | 000,021,016 | ---- | C] () -- C:\Program Files\Common Files\l_f29e9bdeb5094d5783b1d185ced5edd8.jpg
[2009/12/19 09:17:58 | 000,025,636 | ---- | C] () -- C:\Program Files\Common Files\l_f09a79e470a2433fbf0dfeb8a5b03d68.jpg
[2009/12/19 09:17:54 | 000,037,223 | ---- | C] () -- C:\Program Files\Common Files\l_ebbe8fa14aaa47579ebcb6c1fdb2a9cd.jpg
[2009/12/19 09:17:50 | 000,016,258 | ---- | C] () -- C:\Program Files\Common Files\l_e166da997a30499c8b9fa8c44a9851aa.jpg
[2009/12/19 09:17:46 | 000,034,207 | ---- | C] () -- C:\Program Files\Common Files\l_e1ab56947a7d49f9b54dd3ea376022cf.jpg
[2009/12/19 09:17:41 | 000,034,423 | ---- | C] () -- C:\Program Files\Common Files\l_dafb89820595449ab0ba38f091d19d6b.jpg
[2009/12/19 09:17:37 | 000,012,978 | ---- | C] () -- C:\Program Files\Common Files\l_d88e03257447484f969f749d3130bed9.jpg
[2009/12/19 09:17:26 | 000,023,439 | ---- | C] () -- C:\Program Files\Common Files\l_d40a50e9656147ac85f7ed21c224313b.jpg
[2009/12/19 09:17:22 | 000,037,469 | ---- | C] () -- C:\Program Files\Common Files\l_cdc2df876daa4ca58c59c125119839c1.jpg
[2009/12/19 09:17:18 | 000,037,066 | ---- | C] () -- C:\Program Files\Common Files\l_c9008190bf664782b1bb2a5e95151f50.jpg
[2009/12/19 09:17:14 | 000,040,875 | ---- | C] () -- C:\Program Files\Common Files\l_b0262954e84344e09075b9822c8ff43d.jpg
[2009/12/19 09:17:09 | 000,041,515 | ---- | C] () -- C:\Program Files\Common Files\l_ae13b62e55dd4ce3a673c5f079432675.jpg
[2009/12/19 09:17:04 | 000,021,461 | ---- | C] () -- C:\Program Files\Common Files\l_a4b9e96685174338b4b20cefce5dd020.jpg
[2009/12/19 09:16:59 | 000,021,007 | ---- | C] () -- C:\Program Files\Common Files\l_43430853544a4c82bfa9a6199a879b94.jpg
[2009/12/19 09:16:53 | 000,025,105 | ---- | C] () -- C:\Program Files\Common Files\l_2049b0f8cf214be8add38a59228ae449.jpg
[2009/12/19 09:16:46 | 000,023,948 | ---- | C] () -- C:\Program Files\Common Files\l_91a339855418404db1a1809e0da7b0b5.jpg
[2009/12/19 09:16:33 | 000,028,136 | ---- | C] () -- C:\Program Files\Common Files\l_52f880b040464a0abc04e3b801c81736.jpg
[2009/12/19 09:16:28 | 000,021,557 | ---- | C] () -- C:\Program Files\Common Files\l_28a01a0313c644b383f3986cc46d8838.jpg
[2009/12/19 09:16:23 | 000,021,143 | ---- | C] () -- C:\Program Files\Common Files\l_13e727c4cc6e41c4b25f73c85ed20aac.jpg
[2009/12/19 09:16:17 | 000,024,238 | ---- | C] () -- C:\Program Files\Common Files\l_9a7e78b8ef8c4d058b463a1de1656c02.jpg
[2009/12/19 09:16:12 | 000,041,950 | ---- | C] () -- C:\Program Files\Common Files\l_8d340435e82c4d478f37eb36fb97f839.jpg
[2009/12/19 09:15:30 | 000,043,118 | ---- | C] () -- C:\Program Files\Common Files\l_08d750a8f0de40b48c56bcfdbc7d4cb6.jpg
[2009/12/19 09:15:22 | 000,035,547 | ---- | C] () -- C:\Program Files\Common Files\l_7ea232c7b85c41f09770bdca7d49964d.jpg
[2009/12/19 09:15:15 | 000,033,656 | ---- | C] () -- C:\Program Files\Common Files\l_4c778be42a5f4b7faa9ef6853f69e04e.jpg
[2009/12/19 09:15:04 | 000,031,161 | ---- | C] () -- C:\Program Files\Common Files\l_01fc82d51e8a48888b5274f59511976a.jpg
[2009/09/15 09:23:22 | 000,290,116 | ---- | C] () -- C:\Program Files\Common Files\attachments_2009_09_15.1.321C02.efw
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/20 19:01:08 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Schuler\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/02 11:04:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/10/19 16:23:34 | 000,690,688 | ---- | C] () -- C:\Program Files\thewiseoldman.pps
[2008/08/19 07:26:02 | 000,010,752 | ---- | C] () -- C:\Program Files\Letter_to_members_meeting.wps
[2008/08/15 15:15:38 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2008/08/10 16:31:09 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/08/10 16:30:52 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/04/29 20:45:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctvs.dll
[2008/04/29 20:44:59 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\lxctcoin.dll
[2008/04/29 20:44:51 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxctdrs.dll
[2008/04/29 20:44:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxctcaps.dll
[2008/04/29 20:44:51 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxctcnv4.dll
[2008/04/29 20:44:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctpmon.dll
[2008/04/29 20:44:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXCTFXPU.DLL
[2008/04/29 20:43:01 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCTinst.dll
[2008/04/29 20:43:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\lxctgrd.dll
[2008/04/29 20:32:16 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/04/27 19:53:19 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2008/04/27 18:36:22 | 002,064,384 | ---- | C] () -- C:\WINDOWS\System32\win32cpr.dll
[2008/04/27 18:36:22 | 001,294,422 | ---- | C] () -- C:\WINDOWS\System32\winsflt.dll
[2008/04/27 17:00:34 | 000,028,672 | -H-- | C] () -- C:\Documents and Settings\Schuler\ntuser.dat.LOG
[2008/04/27 17:00:34 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Schuler\ntuser.ini
[2008/04/27 16:59:53 | 000,237,568 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2008/04/27 16:59:53 | 000,049,152 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2008/04/27 16:59:53 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2008/04/27 16:59:53 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2008/04/27 16:59:52 | 000,237,568 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2008/04/27 16:59:52 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/04/30 06:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Schuler\Application Data\5400 Series
[2008/04/27 20:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Schuler\Application Data\acccore
[2010/03/04 10:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Schuler\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/08/20 12:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Schuler\Application Data\Windows Desktop Search
[2009/08/20 20:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Schuler\Application Data\Windows Search
[2010/06/16 21:16:27 | 000,000,518 | ---- | M] () -- C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Schuler at 6 55 PM.job
[2010/07/09 08:01:03 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/06/07 19:57:00 | 010,531,200 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2010/06/03 08:56:34 | 000,130,280 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\system32\drivers\veteboot.sys
[2010/06/03 08:56:34 | 000,746,216 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\system32\drivers\vetefile.sys

< %SYSTEMDRIVE%\*.* >
[2008/04/27 16:57:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/05 15:57:35 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2008/04/27 18:56:05 | 000,034,716 | ---- | M] () -- C:\caavsetupLog.txt
[2010/06/04 12:04:53 | 000,082,734 | ---- | M] () -- C:\caisslog.txt
[2008/04/27 16:57:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/04/27 16:57:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/13 17:40:42 | 000,001,391 | -H-- | M] () -- C:\IPH.PH
[2010/06/16 16:53:57 | 000,386,525 | ---- | M] () -- C:\lxct.log
[2009/09/20 09:02:46 | 000,000,576 | ---- | M] () -- C:\lxctscan.log
[2010/07/05 13:45:24 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/04/27 16:57:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/27 20:16:14 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/14 14:30:32 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/03 20:40:52 | 000,000,429 | ---- | M] () -- C:\rkill.log
[2008/08/12 06:09:37 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/04/27 16:57:07 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/06/21 02:44:04 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxctdrpp.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

Invalid Environment Variable: %APPDATA%\Adobe\Update\*.*

Invalid Environment Variable: %ALLUSERSPROFILE%\Favorites\*.*

Invalid Environment Variable: %APPDATA%\Microsoft\*.*

< %PROGRAMFILES%\*.dat >

Invalid Environment Variable: %APPDATA%\Update\*.*

< %systemroot%\*. /mp /s >

< CREATERESTOREPOINT >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 13:46:57 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2010/05/06 06:41:49 | 011,076,096 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2010/05/06 06:41:50 | 001,985,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 20:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 20:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/04/27 12:41:51 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/04/27 12:41:51 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/04/27 12:41:51 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-23 10:56:52
< End of report >

[michaelg9]

Hey,

Start OTLPE as you did previously from CD

• Insert your USB drive with OTLPEfix.txt on it
  
• Start OTLPE
  
• Drag and drop OTLPEfix.txt into the Custom scans and fixes box:
  [attachment=43387:OTLPEFix.txt]
  
• If you cannot drag and drop for some reason. Then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot when it is done to normal mode if possible
  
• If it's not possible, then post a new OTLPE log as you did previously, but using OTLPEScan.txt this time:
  [attachment=43388:OTLPEScan.txt]
  
• Post the log it produce.

Finally, tell me if you can boot into any mode or not.
Thank you

[Frogstitch64]

Hello, I am writing from the computer we're working on.

Steps in your instructons have not worked exactly as written (for instance I did not use a CD, as I'd said in my post above I used the 2 gig USB flash drive), and since I am not really a computer person a reminder to change the boot sequence back to the hard drive would've saved me about 15 minutes of frustration, BUT this computer is up and running in normal mode and we are online.

Woohoo!

Thank you for your help so far. What's next?

[michaelg9]

Hey,
Regarding the comment about my instructions, you are right and I'm sorry for that, but it was caused because the OTLPE canned (we are working with a system of canned speeches, it's not easy to write all these instructions every time) was initially written for making a CD, but as you weren't able to make a CD, I had to alternate the canned for using OTLPE CD to execute the fix to make it for a USB, and I forgot some parts unedited.

As for the boot sequence order, it was not intended to change until we could make the computer bootable (so you could boot from the hard drive). Furthermore, even if it was left unchanged, there would be no problem starting the computer as it would detect that there is not a bootable USB attached to it, so it would try to load from the second device in order, which would normally should be your hard drive...

Anyway, so you're saying me that the computer can now load? Try both safe and normal mode to see if there are any problems. Tell me what problems remain, but if there aren't any problems at all, don't leave this topic until we make sure you are clean. I'll post in a little with new instructions.

For now, can you please post the OTLPE log requested in post #12?

Thank you

[Frogstitch64]

Hi Michael,

I figured the instructions were canned, and since you said you're still in training I figured I'd say the obvious anyway, because for those of us out here that aren't real computer savvy, it gets confusing quickly.

Regarding the boot sequence, the hard drive was not the second item on the list. When I changed the first choice to the USB drive, the second choice already was USB drive, and the third choice was CD. I didn't change anything accept the first choice, so hard drive wasn't on the list anywhere when I tried to reboot into normal mode the first time. I didn't want to just pull the flash drive out without going through the step to make it safe to do so, but wasn't sure how the computer could make it safe to remove the device when it was running off the device. So, I changed the boot sequence, and as the machine rebooted, I pulled the flash drive between when it went off and back on again. It started in normal mode from the hard drive without a problem.

Yes the computer boots now with no problem in normal mode. So far everything is working as it was before the fake security program took over. There doesn't seem to be any problems at this point. Thank you for getting it back up and running!

I guess I didn't understand the instructions in step 12. Sorry about that. When it said :

•Let the program run unhindered, reboot when it is done to normal mode if possible
•If it's not possible, then post a new OTLPE log as you did previously, but using OTLPEScan.txt this time..

I thought that meant get an OTLPE log only if it didn't work, so I didn't run OTLPE at that time. Because OTLPE isn't on this hard drive (it was on the flash drive) I downloaded OTL and ran it with the text you provided. I didn't know whether to run the full scan or a quick scan, so I ran the full scan. I am not sure if this is what you are looking for. While it ran, and error message popped up and an rkill.log
also popped up. When it was done there was the OTL.text file and an extras.txt file. I have no clue which is the log you want. I will put the OTL.txt in this post and the other three in another post.

Sorry, I am starting to get a bit confused here.

OTL logfile created on: 7/13/2010 3:41:31 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Schuler\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 579.00 Mb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 13.51 Gb Free Space | 46.10% Space Free | Partition Type: NTFS
Drive D: | 45.23 Gb Total Space | 43.21 Gb Free Space | 95.55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCHULER-764GCES
Current User Name: Schuler
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/13 15:07:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Schuler\Desktop\OTL.exe
PRC - [2010/06/04 09:54:26 | 000,238,928 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
PRC - [2010/06/04 09:54:26 | 000,226,640 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
PRC - [2009/07/30 19:15:54 | 000,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2009/07/30 19:15:54 | 000,177,392 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
PRC - [2009/02/23 09:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/10 17:42:06 | 000,173,296 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
PRC - [2008/08/10 17:42:05 | 000,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
PRC - [2008/06/24 19:10:30 | 000,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
PRC - [2008/04/27 18:56:01 | 000,014,088 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/06 11:08:10 | 000,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
PRC - [2007/10/18 10:24:46 | 001,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
PRC - [2007/10/18 10:24:46 | 000,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
PRC - [2007/10/18 10:24:44 | 000,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
PRC - [2007/08/20 13:27:26 | 000,144,960 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
PRC - [2007/08/16 21:10:16 | 000,189,704 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
PRC - [2007/08/16 21:10:14 | 000,218,376 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
PRC - [2007/01/11 13:57:22 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 5400 Series\lxctmon.exe
PRC - [2007/01/04 12:10:22 | 000,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
PRC - [2006/10/15 15:26:48 | 010,870,784 | ---- | M] () -- C:\WINDOWS\cfgmng32.exe
PRC - [2006/10/15 15:08:30 | 001,032,192 | ---- | M] () -- C:\WINDOWS\system32\mdmcls32.exe
PRC - [2006/07/13 16:27:16 | 000,528,384 | ---- | M] ( ) -- C:\WINDOWS\system32\lxctcoms.exe
PRC - [2006/06/07 02:05:20 | 000,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 5400 Series\ezprint.exe
PRC - [2005/11/15 15:49:44 | 005,238,272 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
PRC - [2005/07/22 03:00:10 | 000,081,920 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe


========== Modules (SafeList) ==========

MOD - [2010/07/13 15:07:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Schuler\Desktop\OTL.exe
MOD - [2008/04/27 18:56:01 | 000,083,208 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOEHook.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe WMP54Gv4.exe -- (WMP54Gv4SVC)
SRV - [2010/06/04 09:54:26 | 000,238,928 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/30 19:15:54 | 000,214,256 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/06/24 19:10:30 | 000,281,104 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
SRV - [2007/10/18 10:24:46 | 001,010,192 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
SRV - [2007/10/18 10:24:46 | 000,801,296 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
SRV - [2007/10/18 10:24:44 | 000,145,936 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp)
SRV - [2007/08/20 13:27:26 | 000,144,960 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe)
SRV - [2007/08/16 21:10:16 | 000,189,704 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv)
SRV - [2007/01/04 12:10:22 | 000,280,080 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2006/10/15 15:08:30 | 001,032,192 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\mdmcls32.exe -- (WinSock Extention Manager)
SRV - [2006/07/13 16:27:16 | 000,528,384 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxctcoms.exe -- (lxct_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - [2010/06/07 19:57:00 | 010,531,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/06/03 08:56:34 | 000,746,216 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE)
DRV - [2010/06/03 08:56:34 | 000,130,280 | ---- | M] (Computer Associates International, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/01 10:28:45 | 000,032,240 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT)
DRV - [2009/12/01 10:28:45 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT)
DRV - [2009/12/01 10:28:45 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT)
DRV - [2009/12/01 10:28:45 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/07/10 22:04:25 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/06/24 19:08:58 | 000,093,712 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys -- (KmxStart)
DRV - [2008/06/24 19:08:56 | 000,066,576 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KmxSbx.sys -- (KmxSbx)
DRV - [2008/06/24 19:08:52 | 000,115,216 | ---- | M] (CA) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\KmxFw.sys -- (KmxFw)
DRV - [2008/06/24 19:08:46 | 000,045,584 | ---- | M] (CA) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\KmxFile.sys -- (KmxFile)
DRV - [2008/06/24 19:08:42 | 000,134,648 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KmxCF.sys -- (KmxCF)
DRV - [2008/06/24 19:08:42 | 000,088,816 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2008/06/24 19:08:36 | 000,063,504 | ---- | M] (CA) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/07/26 05:03:22 | 003,644,032 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/03/09 02:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/17 12:50:00 | 000,320,384 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mgaum.sys -- (mgau)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"



[2008/05/09 16:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Schuler\Application Data\Mozilla\Firefox\Profiles\aa0cq3uf.default\extensions

O1 HOSTS File: ([2010/06/13 17:33:01 | 000,608,415 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 16056 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BluePhone Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (BluePhone Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (BluePhone Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe (CA, Inc.)
O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [Lexmark 5400 Series Fax Server] C:\Program Files\Lexmark 5400 Series\fm3032.exe ()
O4 - HKLM..\Run: [LXCTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxctmon.exe] C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [QOELOADER] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe (CA)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1209337631624 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1209338707155 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
O24 - Desktop WallPaper: C:\Documents and Settings\Schuler\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Schuler\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/27 16:57:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d344d8e8-9be1-11de-9b65-001ee59cc5fa}\Shell - "" = AutoRun
O33 - MountPoints2\{d344d8e8-9be1-11de-9b65-001ee59cc5fa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d344d8e8-9be1-11de-9b65-001ee59cc5fa}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/13 15:07:30 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Schuler\Desktop\OTL.exe
[2010/07/13 12:07:26 | 000,552,960 | ---- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2010/07/13 12:07:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/05 16:58:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010/07/05 16:58:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010/07/05 16:58:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010/07/05 16:48:36 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/07/05 16:07:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/05 13:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/03 17:25:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/03 17:25:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/03 17:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/03 16:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2010/07/03 16:33:56 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mgaum.sys
[2010/07/03 16:33:56 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys
[2010/07/03 16:33:55 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mgaud.dll
[2010/07/03 16:33:55 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll
[2010/06/27 17:00:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/06/17 20:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Schuler\Desktop\Garage Pictures
[2010/06/17 16:42:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/06/17 16:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/06/17 16:41:25 | 015,192,064 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2010/06/17 16:41:25 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/06/17 16:41:23 | 010,256,384 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010/06/17 16:41:23 | 004,554,752 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2010/06/17 16:41:23 | 002,632,296 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2010/06/17 16:41:23 | 002,165,352 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2010/06/17 16:41:23 | 001,359,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2010/06/17 16:41:23 | 000,232,040 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
[2010/06/17 16:41:23 | 000,232,040 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
[2010/06/13 21:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Schuler\My Documents\My Received Files
[2010/06/13 19:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Schuler\Tracing
[2010/06/13 19:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/06/13 19:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/06/13 19:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/06/13 18:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Schuler\Application Data\SUPERAntiSpyware.com
[2010/06/13 18:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/06/13 17:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/06/13 17:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/06/13 17:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2008/04/29 20:43:01 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctserv.dll
[2008/04/29 20:43:01 | 000,983,040 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctusb1.dll
[2008/04/29 20:43:01 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpmui.dll
[2008/04/29 20:43:01 | 000,528,384 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctlmpm.dll
[2008/04/29 20:43:01 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctinpa.dll
[2008/04/29 20:43:01 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctiesc.dll
[2008/04/29 20:43:01 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctprox.dll
[2008/04/29 20:43:01 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpplc.dll
[2008/04/29 20:43:00 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcthbn3.dll
[2008/04/29 20:43:00 | 000,667,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomc.dll
[2008/04/29 20:43:00 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomm.dll

========== Files - Modified Within 30 Days ==========

[2010/07/13 16:01:12 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/07/13 15:35:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/13 15:34:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/13 15:34:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/13 15:32:56 | 000,294,848 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/07/13 15:32:56 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/07/13 15:32:56 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/07/13 15:32:56 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/07/13 15:32:56 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/07/13 15:32:56 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/07/13 15:32:56 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/07/13 15:32:56 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/07/13 15:32:31 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Schuler\ntuser.dat
[2010/07/13 15:32:31 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Schuler\ntuser.ini
[2010/07/13 15:32:21 | 004,264,430 | -H-- | M] () -- C:\Documents and Settings\Schuler\Local Settings\Application Data\IconCache.db
[2010/07/13 15:07:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Schuler\Desktop\OTL.exe
[2010/07/09 07:32:19 | 000,001,316 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/09 06:32:04 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/09 00:42:22 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/05 16:49:51 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Schuler\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/05 16:48:04 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/05 16:48:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/05 15:57:35 | 000,000,639 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/05 15:57:35 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/05 15:57:35 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2010/07/05 13:53:15 | 000,596,154 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/05 13:53:15 | 000,502,374 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/05 13:53:15 | 000,086,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/05 13:46:52 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\CTSTATUS.FCS
[2010/07/04 08:44:04 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2010/07/03 16:43:12 | 079,651,488 | ---- | M] () -- C:\Documents and Settings\Schuler\My Documents\tst bu.reg
[2010/06/27 19:50:21 | 000,217,180 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/06/27 19:50:21 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/06/27 19:50:20 | 000,217,180 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/06/27 19:30:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/06/17 20:58:36 | 000,158,665 | ---- | M] () -- C:\Documents and Settings\Schuler\Desktop\Garage Down 2.jpg
[2010/06/17 20:58:08 | 000,183,478 | ---- | M] () -- C:\Documents and Settings\Schuler\Desktop\Garage Down 1.jpg
[2010/06/16 21:16:27 | 000,000,518 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Schuler at 6 55 PM.job
[2010/06/13 21:11:48 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\Schuler\Desktop\Update Checker.lnk
[2010/06/13 20:47:23 | 000,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/13 19:09:40 | 000,020,168 | ---- | M] () -- C:\Documents and Settings\Schuler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/13 17:40:42 | 000,001,391 | -H-- | M] () -- C:\IPH.PH
[2010/06/13 17:40:29 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Schuler\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/06/13 17:40:29 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/06/13 17:33:01 | 000,608,415 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

========== Files Created - No Company Name ==========

[2010/07/03 16:43:00 | 079,651,488 | ---- | C] () -- C:\Documents and Settings\Schuler\My Documents\tst bu.reg
[2010/06/27 19:30:32 | 000,217,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/06/27 19:30:27 | 000,217,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/06/27 19:30:27 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/06/27 19:30:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/06/17 20:58:36 | 000,158,665 | ---- | C] () -- C:\Documents and Settings\Schuler\Desktop\Garage Down 2.jpg
[2010/06/17 20:58:06 | 000,183,478 | ---- | C] () -- C:\Documents and Settings\Schuler\Desktop\Garage Down 1.jpg
[2010/06/17 16:41:25 | 000,007,959 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/06/17 16:41:23 | 002,186,342 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/06/13 21:11:48 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\Schuler\Desktop\Update Checker.lnk
[2010/06/13 17:40:29 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\Schuler\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/06/13 17:40:29 | 000,001,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/02 11:04:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/08/15 15:15:38 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2008/08/10 16:31:09 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/08/10 16:30:52 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/04/29 20:45:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctvs.dll
[2008/04/29 20:44:59 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\lxctcoin.dll
[2008/04/29 20:44:51 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxctdrs.dll
[2008/04/29 20:44:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxctcaps.dll
[2008/04/29 20:44:51 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxctcnv4.dll
[2008/04/29 20:44:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctpmon.dll
[2008/04/29 20:44:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXCTFXPU.DLL
[2008/04/29 20:43:01 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCTinst.dll
[2008/04/29 20:43:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\lxctgrd.dll
[2008/04/29 20:32:16 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/04/27 18:36:22 | 002,064,384 | ---- | C] () -- C:\WINDOWS\System32\win32cpr.dll
[2008/04/27 18:36:22 | 001,294,422 | ---- | C] () -- C:\WINDOWS\System32\winsflt.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< C:\mbam-error.txt /c >

< C:\rkill.log /c >

< C:\Program Files\SUPERAntiSpyware\*.sys /s >
[2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys
[2010/02/17 14:15:58 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
[2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

< C:\Program Files\CA\*.sys /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall >

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AIM_7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOL Diagnostics_N]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOLOCP_Y]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AudibleManager]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Audio CD Ripper]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Sync Manager (Unicode)]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Video Converter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative ZEN (DVP-FL0001)]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eTrust Suite Personal]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eusing Free Registry Cleaner]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileHippo.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884267]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885353]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886612]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887078]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887626]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB889858]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891122]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892130]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892313]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893241]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895181]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895316]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895572]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB897586]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898549]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900399]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB907658]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB909520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911564]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911565]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911854]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB915800-v4]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923561]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB925398_WMP64]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB929399]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB936782_WMP11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB936782_WMP9]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938127-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB939683]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB940157]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB941569]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB943729]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB944533-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB946648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB947864-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950759-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950762]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950974]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951066]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951072-v2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376-v2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951698]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951748]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951978]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952004]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952069_WM9]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952287]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952954]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB953838-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB953839]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954154_WM11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954155_WM9]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954211]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954459]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954550-v5]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955069]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955759]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955839]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956390-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956391]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956572]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956802]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956803]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956841]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956844]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957095]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957097]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958215-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958644]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958687]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958690]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958869]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959426]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959772_WM11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960225]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960714-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960715]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960803]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960859]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961118]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961260-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961371]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961373]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961501]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961503]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB963093]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB967715]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968389]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968537]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968816_WM9]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968930]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969059]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969897-IE8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969898]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969947]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970238]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970430]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970653-v3]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971468]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971486]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971513]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971557]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971633]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971657]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971737]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971961-IE8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972260-IE8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972270]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972636-IE8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973346]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973354]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973507]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973525]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973540_WM9]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973687]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973815]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973869]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974318]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974455-IE8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974571]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975025]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975467]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975561]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975562]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975713]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976098-v2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976325-IE8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976662-IE8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976749-IE8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977165-v2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977914]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978037]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978207-IE8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978251]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978262]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978338]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978542]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978601]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978695_WM9]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978706]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979306]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979309]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979482]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979559]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979683]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980182-IE8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980195]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980218]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981332-IE8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981793]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB982381-IE8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB982632-IE8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lexmark 5400 Series]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M979906]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 4 Client Profile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSCompPackV1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NLSDownlevelMapping]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Display Control Panel]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA nView Desktop Manager]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBlaster_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SysInfo]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemRequirementsLab]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VETWIN32Vp5]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WGA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite_Wave3]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMCSetup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMFDist11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wmp11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wudf01000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Messenger]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search Defender]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Software Update]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YInstHelper]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZEN (MTP) Media Explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZENcast Organizer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B2DBF55-05D4-4072-87D8-689141E262BD}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{205C6BDD-7B73-42DE-8505-9A093F35A238}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216011FF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216013FB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216020FB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{45338B07-A236-4270-9A77-EBB4115517B5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5A05B328-35EB-4CED-B16F-62FA5A2642E6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{609B0E8F-0E98-46BF-85F9-7123D1022D84}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120409-6000-11D3-8CFE-0150048383C9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB300003]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB960043]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB975195]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976570]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578v2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769v2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354v2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A93000000001}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C04E32E0-0416-434D-AFB9-6969D703A9EF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB200003]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB431780]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB946922]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB947748]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB949272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952137]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952677]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953300]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953990]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB954832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB956860]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957541]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957542]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957543]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958129]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958481]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB960043]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB971111]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB974417]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976569]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976765v2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB979909]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB980773]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4124E95-5061-4776-8D5D-E3D931C778E1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D5068583-D569-468B-9755-5FBF5848F46F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DABF43D9-1104-4764-927B-5BED1274A3B0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E6158D07-2637-4ECF-B576-37C489669174}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB08F381-6533-4108-B7DD-039E11FBC27E}]


< MD5 for: KBDCLASS.SYS >
[2008/04/27 20:13:56 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:kbdclass.sys
[2008/08/14 14:26:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:kbdclass.sys
[2008/04/27 20:13:56 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:kbdclass.sys
[2008/08/14 14:26:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:kbdclass.sys
[2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=463C1EC80CD17420A542B7F36A36F128 -- C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys
[2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=463C1EC80CD17420A542B7F36A36F128 -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2004/08/04 01:58:32 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=EBDEE8A2EE5393890A1ACEE971C4C246 -- C:\WINDOWS\$NtServicePackUninstall$\kbdclass.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >


Here is the